Skills
skills/1nfsh-s3/skills/talking-head-production/Gen Agent Trust Hub

talking-head-production

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill promotes the command curl -fsSL https://cli.inference.sh | sh. This is a high-risk 'curl pipe to shell' pattern that downloads and executes a script from a remote server without prior local inspection.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation indicates that the installation script downloads binaries from dist.inference.sh and references external skill packages via npx skills add inference-sh/skills.
  • [COMMAND_EXECUTION]: The skill uses the Bash(infsh *) tool to execute a variety of commands, including authentication via infsh login and running remote AI models for audio and video generation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 8, 2026, 02:51 AM